
http://www.myserchresults.com


Jean Paul


ComboFix 12-12-17.02 - Jeanpaul 18/12/2012 23:07:54.4.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6092.3467 [GMT 1:00]

Gestart vanuit: c:\program files\ComboFix.exe

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\DealPly

c:\program files (x86)\DealPly\DealPly.crx

c:\program files (x86)\DealPly\DealPly.xpi

c:\program files (x86)\DealPly\DealPlyIE.dll

c:\program files (x86)\DealPly\DealPlyTune.dll

c:\program files (x86)\DealPly\DealPlyUpdate.exe

c:\program files (x86)\DealPly\DealPlyUpdate.log

c:\program files (x86)\DealPly\DealPlyUpdateRun.exe

c:\program files (x86)\DealPly\icon.ico

c:\program files (x86)\DealPly\sqlite3.dll

c:\program files (x86)\DealPly\uninst.exe

c:\users\Jeanpaul\AppData\Local\Microsoft\Windows\Temporary Internet Files\dealply

c:\windows\SysWow64\tempdir

c:\windows\SysWow64\tempdir\tinypdf.dll

c:\windows\wininit.ini

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-18 to 2012-12-18 ))))))))))))))))))))))))))))))

.

.

2012-12-18 22:17 . 2012-12-18 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-18 22:17 . 2012-12-18 22:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-12-18 19:11 . 2012-12-18 19:35 -------- d-----w- c:\program files (x86)\office Convert Pdf to Jpg Jpeg Tiff

2012-12-18 19:08 . 2012-12-18 19:08 -------- d-----w- C:\Output Files

2012-12-18 18:22 . 2012-12-18 19:35 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free

2012-12-18 18:02 . 2012-12-18 18:02 -------- d-----w- c:\program files (x86)\WiseConvert

2012-12-18 17:44 . 2012-12-18 17:48 -------- d-----w- c:\program files (x86)\FLV_Runner

2012-12-18 14:35 . 2012-12-18 14:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-18 14:35 . 2012-12-18 14:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-18 09:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E65ED73B-9575-48BD-A5DA-61D6ED7B2E72}\mpengine.dll

2012-12-18 09:41 . 2012-12-18 09:42 -------- d-----w- C:\9f6307b2b165adf68fbc7cd8494c0d8d

2012-12-17 17:49 . 2012-12-17 17:49 61440 ----a-w- c:\windows\SysWow64\drivers\puxr.sys

2012-12-17 08:17 . 2012-12-18 17:04 -------- d-----w- c:\program files\FrostWire 5

2012-12-16 09:32 . 2012-12-17 10:42 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\vlc

2012-12-15 10:43 . 2012-12-15 10:43 -------- d-----w- c:\program files (x86)\VideoLAN

2012-12-15 10:42 . 2012-12-15 10:42 -------- d-----w- c:\program files (x86)\PriceGong

2012-12-15 10:40 . 2012-12-16 11:12 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\Fighters

2012-12-15 10:39 . 2012-12-16 11:13 -------- d-----w- c:\programdata\Fighters

2012-12-15 10:38 . 2012-12-15 10:38 652072 ----a-w- c:\program files\VLC_Media_Player_Setup.exe

2012-12-13 16:35 . 2012-12-13 16:35 -------- d-----w- c:\program files (x86)\Conduit

2012-12-12 19:39 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 19:38 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 19:38 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-12 19:38 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 19:38 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-12 19:38 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-12 19:38 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-12 19:38 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-12 19:38 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-12 17:31 . 2012-12-12 17:31 15728568 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-12-12 17:16 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-12 16:44 . 2012-12-12 16:44 -------- d-----w- c:\programdata\BrowserProtect

2012-12-12 16:32 . 2012-12-12 16:32 -------- d-----w- c:\program files (x86)\Ask.com

2012-12-12 16:32 . 2012-12-12 16:32 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\Paltalk

2012-12-12 16:32 . 2012-12-12 16:32 -------- d-----w- c:\programdata\APN

2012-12-11 10:05 . 2012-12-18 18:02 -------- d-----w- c:\users\Jeanpaul\AppData\Local\Conduit

2012-12-08 08:49 . 2012-12-08 08:49 3427424 ----a-w- c:\program files\rcsetup144.exe

2012-12-04 08:55 . 2012-12-04 08:55 -------- d-----w- c:\users\Jeanpaul\AppData\Local\Microsoft Help

2012-12-04 08:55 . 2012-12-04 08:55 -------- d-----w- c:\programdata\Microsoft Help

2012-12-03 08:11 . 2012-12-03 08:11 -------- d-----w- c:\users\Jeanpaul\AppData\Local\APN

2012-12-01 17:29 . 2012-12-02 20:23 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2012-11-29 16:59 . 2012-11-29 17:00 8373517 ----a-w- c:\program files\install_flash_player_ax.exe.ei8c5en.partial

2012-11-28 17:40 . 2012-11-28 17:40 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\Babylon

2012-11-28 17:40 . 2012-11-28 17:40 -------- d-----w- c:\programdata\Babylon

2012-11-28 10:25 . 2012-11-28 10:25 388096 ----a-r- c:\users\Jeanpaul\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-28 10:23 . 2012-11-28 10:23 1402880 ----a-w- c:\program files\HiJackThis.msi

2012-11-28 08:49 . 2012-12-18 22:05 5012571 ------r- c:\program files\ComboFix.exe

2012-11-27 21:56 . 2012-11-27 21:57 10669952 ----a-w- c:\program files\mbam-setup-1.65.1.1000.exe

2012-11-27 17:41 . 2012-12-01 17:38 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2012-11-27 10:58 . 2012-11-27 10:58 480125 ----a-w- c:\program files\adwcleaner.exe

2012-11-26 13:58 . 2012-11-26 13:58 -------- d-----w- c:\programdata\Browser Manager

2012-11-23 10:39 . 2012-11-23 10:39 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\{90140011-0066-0413-0000-0000000FF1CE}

2012-11-23 10:38 . 2012-11-23 10:38 -------- d-----w- c:\programdata\Virtualized Applications

2012-11-20 21:45 . 2012-11-20 21:45 135933721 ----a-w- c:\program files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe

2012-11-20 21:10 . 2012-11-20 21:10 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\OpenOffice.org

2012-11-20 21:08 . 2012-11-20 21:47 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2012-11-20 21:06 . 2012-11-20 21:28 -------- d-----w- c:\program files (x86)\redist

2012-11-20 21:06 . 2012-11-20 21:06 -------- d-----w- c:\program files (x86)\readmes

2012-11-20 21:06 . 2012-11-20 21:06 -------- d-----w- c:\program files (x86)\licenses

2012-11-19 14:07 . 2012-12-12 17:08 -------- d-----w- c:\program files (x86)\BS_Player

2012-11-19 14:06 . 2012-11-20 22:00 -------- d-----w- c:\users\Jeanpaul\AppData\Local\Torch

2012-11-19 13:30 . 2012-11-19 13:30 373440 ----a-w- c:\program files (x86)\SoftonicDownloader_voor_bs-player.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 17:18 . 2012-01-27 16:58 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-10-16 08:38 . 2012-12-01 08:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-01 08:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-01 08:27 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-16 16:40 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-16 16:40 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-16 16:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 16:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 19:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-16 16:40 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-16 16:40 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-16 16:40 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-16 16:40 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-16 16:40 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-16 16:40 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-16 16:40 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-16 16:40 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-16 16:40 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 16:40 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-16 16:40 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-25 22:47 . 2012-11-16 16:39 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-09-25 22:46 . 2012-11-16 16:39 95744 ----a-w- c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]

2012-12-11 13:48 450472 ----a-w- c:\program files (x86)\PriceGong\2.6.9\PriceGongIE.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\WiseConvert\prxtbWise.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}"= "c:\program files (x86)\WiseConvert\prxtbWise.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Gadwin PrintScreen"="c:\program files\PrintScreen\PrintScreen.exe" [2011-05-03 487424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

.

c:\users\Jeanpaul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\progra~3\BROWSE~1\25911~1.18\{C16C1~1\mngr.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R0 mxclnud;mxclnud;c:\windows\system32\drivers\puxr.sys [x]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-04-12 35840]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-04 340240]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [2011-07-25 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [2011-09-27 1084024]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [2011-08-08 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121215.001\IDSvia64.sys [2012-12-11 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [2011-07-26 189560]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [2011-07-26 401016]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-07 203776]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe [2011-08-10 138760]

S2 PCSUService;PC Speed Up Service;c:\program files (x86)\PC Speed Up\PCSUService.exe [2011-11-07 235232]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-16 138912]

S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 14:35]

.

2012-12-17 c:\windows\Tasks\HPCeeScheduleForJeanpaul.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{3bbd3c14-4c16-4989-8366-95bc9179779d} - (no file)

BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files (x86)\DealPly\DealPlyIE.dll

Toolbar-10 - (no file)

Toolbar-!{2d8d9acc-f6d7-4362-8876-a275ca929591} - (no file)

Toolbar-!{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)

Toolbar-!{c98d5b61-b0ea-4d48-9839-1079d352d880} - (no file)

Toolbar-!{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Toolbar-!{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)

Wow6432Node-HKCU-Run-FDPRO-516 - c:\program files (x86)\Fighters\FighterLauncher.exe

WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)

WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)

WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)

AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} - c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-12-18 23:19:37

ComboFix-quarantined-files.txt 2012-12-18 22:19

ComboFix2.txt 2012-11-28 17:05

ComboFix3.txt 2012-11-28 09:06

.

Pre-Run: 503.111.045.120 bytes beschikbaar

Post-Run: 502.969.434.112 bytes beschikbaar

.

- - End Of File - - D226B6B66A686F51C611D712CFA77075

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\SysWow64\drivers\puxr.sys

c:\program files\VLC_Media_Player_Setup.exe

c:\windows\SysWow64\FlashPlayerInstaller.exe

c:\program files\rcsetup144.exe

c:\program files\mbam-setup-1.65.1.1000.exe

c:\program files (x86)\SoftonicDownloader_voor_bs-player.exe

Folder::

c:\program files (x86)\WiseConvert

c:\program files (x86)\FLV_Runner

C:\9f6307b2b165adf68fbc7cd8494c0d8d

c:\program files (x86)\PriceGong

c:\program files (x86)\Conduit

c:\program files (x86)\Ask.com

c:\users\Jeanpaul\AppData\Local\Conduit

c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

c:\users\Jeanpaul\AppData\Roaming\Babylon

c:\programdata\Babylon

c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

c:\programdata\Browser Manager

c:\users\Jeanpaul\AppData\Roaming\{90140011-0066-0413-0000-0000000FF1CE}

Registry::

[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

[-HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

[-HKEY_CLASSES_ROOT\clsid\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=-

Driver::

mxclnud

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

If you want to see this illustrated in detail, click here for the guide

After the restart, post the contents of Combofix.txt in your next message.

Hello gentlemen,

First of all, I want to point out that we have now already downloaded and tried 4 different programs. I have just run ComboFix once more and the log is below.

Now, I also got a window after the last ComboFix run, and it said the following:

Program files (x86) IE\icxplore.exe

Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering !

What does that mean???????

People keep trying to remove those 7 Toolbar (NO FILE) entries and it just does not work. I am getting help from several people who all have me do the same thing, but .....

But in every reply I send I ask the question: since there is NO FILE, that code cannot pose any danger either???

But I never get an answer to it, only new attempts each time. It keeps being avoided.

As in the paragraph above, I am starting to get other problems and Internet Explorer is disappearing.

Here is the log:

ComboFix 12-12-20.02 - Jeanpaul 20/12/2012 17:18:31.7.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.6092.3853 [GMT 1:00]

Gestart vanuit: c:\program files\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Jeanpaul\Desktop\CFScript.txt

AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-11-20 to 2012-12-20 ))))))))))))))))))))))))))))))

.

.

2012-12-20 16:25 . 2012-12-20 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-20 16:25 . 2012-12-20 16:25 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-12-19 14:53 . 2012-12-19 14:53 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E65ED73B-9575-48BD-A5DA-61D6ED7B2E72}\offreg.dll

2012-12-18 22:35 . 2012-12-18 22:35 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\Softplicity

2012-12-18 22:35 . 2012-12-18 22:35 -------- d-----w- c:\program files (x86)\Total PDF Converter

2012-12-18 19:11 . 2012-12-18 19:35 -------- d-----w- c:\program files (x86)\office Convert Pdf to Jpg Jpeg Tiff

2012-12-18 19:08 . 2012-12-18 19:08 -------- d-----w- C:\Output Files

2012-12-18 18:22 . 2012-12-18 19:35 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free

2012-12-18 14:35 . 2012-12-18 14:35 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-18 14:35 . 2012-12-18 14:35 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-18 09:41 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E65ED73B-9575-48BD-A5DA-61D6ED7B2E72}\mpengine.dll

2012-12-17 17:49 . 2012-12-17 17:49 61440 ----a-w- c:\windows\SysWow64\drivers\puxr.sys

2012-12-17 08:17 . 2012-12-18 17:04 -------- d-----w- c:\program files\FrostWire 5

2012-12-16 09:32 . 2012-12-17 10:42 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\vlc

2012-12-15 10:43 . 2012-12-15 10:43 -------- d-----w- c:\program files (x86)\VideoLAN

2012-12-15 10:40 . 2012-12-16 11:12 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\Fighters

2012-12-15 10:39 . 2012-12-16 11:13 -------- d-----w- c:\programdata\Fighters

2012-12-15 10:38 . 2012-12-15 10:38 652072 ----a-w- c:\program files\VLC_Media_Player_Setup.exe

2012-12-12 19:39 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 19:38 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 19:38 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-12 19:38 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 19:38 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-12 19:38 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-12 19:38 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-12 19:38 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-12 19:38 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys

2012-12-12 17:31 . 2012-12-12 17:31 15728568 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-12-12 17:16 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-12 16:44 . 2012-12-12 16:44 -------- d-----w- c:\programdata\BrowserProtect

2012-12-12 16:32 . 2012-12-12 16:32 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\Paltalk

2012-12-12 16:32 . 2012-12-12 16:32 -------- d-----w- c:\programdata\APN

2012-12-08 08:49 . 2012-12-08 08:49 3427424 ----a-w- c:\program files\rcsetup144.exe

2012-12-04 08:55 . 2012-12-04 08:55 -------- d-----w- c:\users\Jeanpaul\AppData\Local\Microsoft Help

2012-12-04 08:55 . 2012-12-04 08:55 -------- d-----w- c:\programdata\Microsoft Help

2012-12-03 08:11 . 2012-12-03 08:11 -------- d-----w- c:\users\Jeanpaul\AppData\Local\APN

2012-11-29 16:59 . 2012-11-29 17:00 8373517 ----a-w- c:\program files\install_flash_player_ax.exe.ei8c5en.partial

2012-11-28 10:25 . 2012-11-28 10:25 388096 ----a-r- c:\users\Jeanpaul\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-11-28 10:23 . 2012-11-28 10:23 1402880 ----a-w- c:\program files\HiJackThis.msi

2012-11-28 08:49 . 2012-12-20 10:46 5012825 ------r- c:\program files\ComboFix.exe

2012-11-27 21:56 . 2012-11-27 21:57 10669952 ----a-w- c:\program files\mbam-setup-1.65.1.1000.exe

2012-11-27 10:58 . 2012-11-27 10:58 480125 ----a-w- c:\program files\adwcleaner.exe

2012-11-23 10:38 . 2012-11-23 10:38 -------- d-----w- c:\programdata\Virtualized Applications

2012-11-20 21:45 . 2012-11-20 21:45 135933721 ----a-w- c:\program files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe

2012-11-20 21:10 . 2012-11-20 21:10 -------- d-----w- c:\users\Jeanpaul\AppData\Roaming\OpenOffice.org

2012-11-20 21:08 . 2012-11-20 21:47 -------- d-----w- c:\program files (x86)\OpenOffice.org 3

2012-11-20 21:06 . 2012-11-20 21:28 -------- d-----w- c:\program files (x86)\redist

2012-11-20 21:06 . 2012-11-20 21:06 -------- d-----w- c:\program files (x86)\readmes

2012-11-20 21:06 . 2012-11-20 21:06 -------- d-----w- c:\program files (x86)\licenses

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-12 17:18 . 2012-01-27 16:58 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-19 13:30 . 2012-11-19 13:30 373440 ----a-w- c:\program files (x86)\SoftonicDownloader_voor_bs-player.exe

2012-10-16 08:38 . 2012-12-01 08:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-12-01 08:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-12-01 08:27 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-16 16:40 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 18:17 . 2012-11-16 16:40 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-16 16:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-16 16:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-04 16:40 . 2012-12-12 19:41 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-16 16:40 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-16 16:40 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-16 16:40 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-16 16:40 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-16 16:40 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-16 16:40 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-16 16:40 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-16 16:40 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-16 16:40 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-16 16:40 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-16 16:40 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-09-25 22:47 . 2012-11-16 16:39 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-09-25 22:46 . 2012-11-16 16:39 95744 ----a-w- c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]

c:\program files (x86)\PriceGong\2.6.9\PriceGongIE.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]

c:\program files (x86)\DealPly\DealPlyIE.dll [bU]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

c:\program files (x86)\WiseConvert\prxtbWise.dll [bU]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"Gadwin PrintScreen"="c:\program files\PrintScreen\PrintScreen.exe" [2011-05-03 487424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-08 336384]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]

.

c:\users\Jeanpaul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"EnableShellExecuteHooks"= 1 (0x1)

.

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2010-04-12 35840]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-02-04 340240]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-22 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1302000.00A\SYMDS64.SYS [2011-07-25 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1302000.00A\SYMEFA64.SYS [2011-09-27 1084024]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [2012-10-23 1384608]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1302000.00A\ccSetx64.sys [2011-08-08 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20121219.001\IDSvia64.sys [2012-12-11 513184]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1302000.00A\Ironx64.SYS [2011-07-26 189560]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1302000.00A\SYMNETS.SYS [2011-07-26 401016]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-05-07 203776]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]

S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe [2011-08-10 138760]

S2 PCSUService;PC Speed Up Service;c:\program files (x86)\PC Speed Up\PCSUService.exe [2011-11-07 235232]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-09-16 138912]

S3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-01-13 333928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 14:35]

.

2012-12-17 c:\windows\Tasks\HPCeeScheduleForJeanpaul.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-02-04 1933584]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)

AddRemove-Adobe Flash Player ActiveX - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe

AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe

AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe

AddRemove-WiseConvert Toolbar - c:\program files (x86)\WiseConvert\uninstall.exe

AddRemove-{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406} - c:\programdata\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.2.0.10\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-12-20 17:26:43

ComboFix-quarantined-files.txt 2012-12-20 16:26

ComboFix2.txt 2012-12-20 11:07

ComboFix3.txt 2012-12-18 22:19

ComboFix4.txt 2012-11-28 17:05

ComboFix5.txt 2012-12-20 15:48

.

Pre-Run: 501.673.783.296 bytes beschikbaar

Post-Run: 501.608.849.408 bytes beschikbaar

.

- - End Of File - - 915D1F542AE1319FE33E3A4242B70EC3

Hopefully I will now get a clear answer and a proper solution, please.

Kind regards,

Jean paul


Look ... there can be no clear answer to your question if we have not first used every means to remove all bad data (folders, files and registry keys) from your PC (or at least attempted to remove it). The results of the various treatments keep turning up new data and/or problems, which in turn must first be dealt with by one action or another. As long as unwanted items keep appearing, we have to continue with that.

It is clear that all those 'no file' keys belong to unwanted toolbars on your PC. Whether they have a negative effect on how the PC runs is another matter, but for good order they are best removed. If it is enough for you to keep working with the PC without this removal, that is your own choice. Then we can stop the search for the cause of these keys appearing. If that is what you wish, we will gladly accept it. Here too, the customer is king ;-)

Your new ComboFix log still contains a few items that again require action. But would you first place a shortcut to combofix.exe on your desktop (as indicated earlier). Then the operation with the new ComboFix script can be carried out correctly on your desktop. After all, the idea is that you drag the script INTO the red ComboFix shortcut to have the changes carried out.

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files\VLC_Media_Player_Setup.exe

c:\windows\SysWow64\FlashPlayerInstaller.exe

c:\program files\rcsetup144.exe

c:\program files\install_flash_player_ax.exe.ei8c5en.partial

c:\program files\mbam-setup-1.65.1.1000.exe

c:\program files (x86)\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_en-US.exe

c:\program files (x86)\SoftonicDownloader_voor_bs-player.exe

Registry::

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]

[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]

Save this file on your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

If you want to see this illustrated in detail, click here for the guide.

After the restart, post the contents of Combofix.txt in your next message.

edited by kape
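
The three Browser Helper Object keys that the CFScript above deletes can be read straight out of the posted log. As an added illustration (not part of the thread and not ComboFix's own code), this Python script extracts the BHO entries and pairs each with the uninstall entry that the log's orphans section lists for the same program folder; the function names are made up for this example, and the script only reads the log text.

```python
import re
from pathlib import PureWindowsPath

# Excerpt copied from the ComboFix log posted above (blank lines dropped).
LOG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
c:\program files (x86)\PriceGong\2.6.9\PriceGongIE.dll [bU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}]
c:\program files (x86)\DealPly\DealPlyIE.dll [bU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}]
c:\program files (x86)\WiseConvert\prxtbWise.dll [bU]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe
AddRemove-WiseConvert Toolbar - c:\program files (x86)\WiseConvert\uninstall.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"""

BHO_KEY = re.compile(r"^\[(.*\\Browser Helper Objects\\(\{[0-9A-Fa-f-]{36}\}))\]$")
MARKER = re.compile(r"\s*\[[^\]]*\]$")  # trailing "[bU]", "[x]" or "[date size]"


def _lines(log):
    """Yield non-empty lines, skipping the lone '.' separators in the log."""
    for raw in log.splitlines():
        line = raw.strip()
        if line and line != ".":
            yield line


def parse_bho(log):
    """Return (clsid, dll_path) for every Browser Helper Object key in the log."""
    entries, pending = [], None
    for line in _lines(log):
        match = BHO_KEY.match(line)
        if match:
            pending = match.group(2)
        elif pending:
            if not line.startswith("["):  # the line after the key holds the DLL
                entries.append((pending, MARKER.sub("", line)))
            pending = None
    return entries


def parse_orphans(log):
    """Return (name, target) pairs of the orphans section; '(no file)' gives None."""
    orphans, inside = [], False
    for line in _lines(log):
        if "ORPHANS" in line:
            inside = True
        elif inside:
            if line.startswith("["):  # next registry block ends the section
                break
            name, sep, target = line.partition(" - ")
            if sep:
                orphans.append((name, None if target == "(no file)" else target))
    return orphans


def install_root(path):
    """First folder below 'program files' or 'program files (x86)', else None."""
    parts = PureWindowsPath(path).parts
    if len(parts) > 2 and parts[1].lower().startswith("program files"):
        return parts[2].lower()
    return None


def correlate(log):
    """Pair each BHO key with the removed uninstall entry of the same folder."""
    removed = {}
    for name, target in parse_orphans(log):
        root = install_root(target) if target else None
        if root:
            removed[root] = name
    return [{"clsid": clsid, "dll": dll,
             "removed_uninstaller": removed.get(install_root(dll))}
            for clsid, dll in parse_bho(log)]


if __name__ == "__main__":
    for row in correlate(LOG_EXCERPT):
        print(row["clsid"], row["dll"], "<->", row["removed_uninstaller"])
```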

If you follow our instructions correctly, it may go better.

Post no. 16 says

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

However, you saved it in the folder c:\program files

In post no. 26 Kape says

To work correctly, ComboFix must also be on the desktop, so that you can drag the script - which is also on the desktop - INTO the shortcut.

So move the file combofix.exe from the folder c:\program files to your desktop.

Then drag the file CFScript.txt onto the ComboFix icon and release.

ComboFix will then start and carry out the instructions in the script.

Restart the PC after the ComboFix scan and then post the ComboFix log (combofix.txt) together with a new HijackThis log in your next message.

edited by kweezie wabbit